Class: Aws::SSOAdmin::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::SSOAdmin::Client
- Includes:
- ClientStubs
- Defined in:
- gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb
Overview
An API client for SSOAdmin. To construct a client, you need to configure a :region
and :credentials
.
client = Aws::SSOAdmin::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the developer guide.
See #initialize for a full list of supported configuration options.
Instance Attribute Summary
Attributes inherited from Seahorse::Client::Base
API Operations collapse
-
#attach_customer_managed_policy_reference_to_permission_set(params = {}) ⇒ Struct
Attaches the specified customer managed policy to the specified PermissionSet.
-
#attach_managed_policy_to_permission_set(params = {}) ⇒ Struct
Attaches an Amazon Web Services managed policy ARN to a permission set.
-
#create_account_assignment(params = {}) ⇒ Types::CreateAccountAssignmentResponse
Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.
-
#create_application(params = {}) ⇒ Types::CreateApplicationResponse
Creates an application in IAM Identity Center for the given application provider.
-
#create_application_assignment(params = {}) ⇒ Struct
Grant application access to a user or group.
-
#create_instance(params = {}) ⇒ Types::CreateInstanceResponse
Creates an instance of IAM Identity Center for a standalone Amazon Web Services account that is not managed by Organizations or a member Amazon Web Services account in an organization.
-
#create_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Enables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance.
-
#create_permission_set(params = {}) ⇒ Types::CreatePermissionSetResponse
Creates a permission set within a specified IAM Identity Center instance.
-
#create_trusted_token_issuer(params = {}) ⇒ Types::CreateTrustedTokenIssuerResponse
Creates a connection to a trusted token issuer in an instance of IAM Identity Center.
-
#delete_account_assignment(params = {}) ⇒ Types::DeleteAccountAssignmentResponse
Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.
-
#delete_application(params = {}) ⇒ Struct
Deletes the association with the application.
-
#delete_application_access_scope(params = {}) ⇒ Struct
Deletes an IAM Identity Center access scope from an application.
-
#delete_application_assignment(params = {}) ⇒ Struct
Revoke application access to an application by deleting application assignments for a user or group.
-
#delete_application_authentication_method(params = {}) ⇒ Struct
Deletes an authentication method from an application.
-
#delete_application_grant(params = {}) ⇒ Struct
Deletes a grant from an application.
-
#delete_inline_policy_from_permission_set(params = {}) ⇒ Struct
Deletes the inline policy from a specified permission set.
-
#delete_instance(params = {}) ⇒ Struct
Deletes the instance of IAM Identity Center.
-
#delete_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Disables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance and deletes all of the attribute mappings that have been configured.
-
#delete_permission_set(params = {}) ⇒ Struct
Deletes the specified permission set.
-
#delete_permissions_boundary_from_permission_set(params = {}) ⇒ Struct
Deletes the permissions boundary from a specified PermissionSet.
-
#delete_trusted_token_issuer(params = {}) ⇒ Struct
Deletes a trusted token issuer configuration from an instance of IAM Identity Center.
-
#describe_account_assignment_creation_status(params = {}) ⇒ Types::DescribeAccountAssignmentCreationStatusResponse
Describes the status of the assignment creation request.
-
#describe_account_assignment_deletion_status(params = {}) ⇒ Types::DescribeAccountAssignmentDeletionStatusResponse
Describes the status of the assignment deletion request.
-
#describe_application(params = {}) ⇒ Types::DescribeApplicationResponse
Retrieves the details of an application associated with an instance of IAM Identity Center.
-
#describe_application_assignment(params = {}) ⇒ Types::DescribeApplicationAssignmentResponse
Retrieves a direct assignment of a user or group to an application.
-
#describe_application_provider(params = {}) ⇒ Types::DescribeApplicationProviderResponse
Retrieves details about a provider that can be used to connect an Amazon Web Services managed application or customer managed application to IAM Identity Center.
-
#describe_instance(params = {}) ⇒ Types::DescribeInstanceResponse
Returns the details of an instance of IAM Identity Center.
-
#describe_instance_access_control_attribute_configuration(params = {}) ⇒ Types::DescribeInstanceAccessControlAttributeConfigurationResponse
Returns the list of IAM Identity Center identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified IAM Identity Center instance.
-
#describe_permission_set(params = {}) ⇒ Types::DescribePermissionSetResponse
Gets the details of the permission set.
-
#describe_permission_set_provisioning_status(params = {}) ⇒ Types::DescribePermissionSetProvisioningStatusResponse
Describes the status for the given permission set provisioning request.
-
#describe_trusted_token_issuer(params = {}) ⇒ Types::DescribeTrustedTokenIssuerResponse
Retrieves details about a trusted token issuer configuration stored in an instance of IAM Identity Center.
-
#detach_customer_managed_policy_reference_from_permission_set(params = {}) ⇒ Struct
Detaches the specified customer managed policy from the specified PermissionSet.
-
#detach_managed_policy_from_permission_set(params = {}) ⇒ Struct
Detaches the attached Amazon Web Services managed policy ARN from the specified permission set.
-
#get_application_access_scope(params = {}) ⇒ Types::GetApplicationAccessScopeResponse
Retrieves the authorized targets for an IAM Identity Center access scope for an application.
-
#get_application_assignment_configuration(params = {}) ⇒ Types::GetApplicationAssignmentConfigurationResponse
Retrieves the configuration of PutApplicationAssignmentConfiguration.
-
#get_application_authentication_method(params = {}) ⇒ Types::GetApplicationAuthenticationMethodResponse
Retrieves details about an authentication method used by an application.
-
#get_application_grant(params = {}) ⇒ Types::GetApplicationGrantResponse
Retrieves details about an application grant.
-
#get_inline_policy_for_permission_set(params = {}) ⇒ Types::GetInlinePolicyForPermissionSetResponse
Obtains the inline policy assigned to the permission set.
-
#get_permissions_boundary_for_permission_set(params = {}) ⇒ Types::GetPermissionsBoundaryForPermissionSetResponse
Obtains the permissions boundary for a specified PermissionSet.
-
#list_account_assignment_creation_status(params = {}) ⇒ Types::ListAccountAssignmentCreationStatusResponse
Lists the status of the Amazon Web Services account assignment creation requests for a specified IAM Identity Center instance.
-
#list_account_assignment_deletion_status(params = {}) ⇒ Types::ListAccountAssignmentDeletionStatusResponse
Lists the status of the Amazon Web Services account assignment deletion requests for a specified IAM Identity Center instance.
-
#list_account_assignments(params = {}) ⇒ Types::ListAccountAssignmentsResponse
Lists the assignee of the specified Amazon Web Services account with the specified permission set.
-
#list_account_assignments_for_principal(params = {}) ⇒ Types::ListAccountAssignmentsForPrincipalResponse
Retrieves a list of the IAM Identity Center associated Amazon Web Services accounts that the principal has access to.
-
#list_accounts_for_provisioned_permission_set(params = {}) ⇒ Types::ListAccountsForProvisionedPermissionSetResponse
Lists all the Amazon Web Services accounts where the specified permission set is provisioned.
-
#list_application_access_scopes(params = {}) ⇒ Types::ListApplicationAccessScopesResponse
Lists the access scopes and authorized targets associated with an application.
-
#list_application_assignments(params = {}) ⇒ Types::ListApplicationAssignmentsResponse
Lists Amazon Web Services account users that are assigned to an application.
-
#list_application_assignments_for_principal(params = {}) ⇒ Types::ListApplicationAssignmentsForPrincipalResponse
Lists the applications to which a specified principal is assigned.
-
#list_application_authentication_methods(params = {}) ⇒ Types::ListApplicationAuthenticationMethodsResponse
Lists all of the authentication methods supported by the specified application.
-
#list_application_grants(params = {}) ⇒ Types::ListApplicationGrantsResponse
List the grants associated with an application.
-
#list_application_providers(params = {}) ⇒ Types::ListApplicationProvidersResponse
Lists the application providers configured in the IAM Identity Center identity store.
-
#list_applications(params = {}) ⇒ Types::ListApplicationsResponse
Lists all applications associated with the instance of IAM Identity Center.
-
#list_customer_managed_policy_references_in_permission_set(params = {}) ⇒ Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse
Lists all customer managed policies attached to a specified PermissionSet.
-
#list_instances(params = {}) ⇒ Types::ListInstancesResponse
Lists the details of the organization and account instances of IAM Identity Center that were created in or visible to the account calling this API.
-
#list_managed_policies_in_permission_set(params = {}) ⇒ Types::ListManagedPoliciesInPermissionSetResponse
Lists the Amazon Web Services managed policy that is attached to a specified permission set.
-
#list_permission_set_provisioning_status(params = {}) ⇒ Types::ListPermissionSetProvisioningStatusResponse
Lists the status of the permission set provisioning requests for a specified IAM Identity Center instance.
-
#list_permission_sets(params = {}) ⇒ Types::ListPermissionSetsResponse
Lists the PermissionSets in an IAM Identity Center instance.
-
#list_permission_sets_provisioned_to_account(params = {}) ⇒ Types::ListPermissionSetsProvisionedToAccountResponse
Lists all the permission sets that are provisioned to a specified Amazon Web Services account.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are attached to a specified resource.
-
#list_trusted_token_issuers(params = {}) ⇒ Types::ListTrustedTokenIssuersResponse
Lists all the trusted token issuers configured in an instance of IAM Identity Center.
-
#provision_permission_set(params = {}) ⇒ Types::ProvisionPermissionSetResponse
The process by which a specified permission set is provisioned to the specified target.
-
#put_application_access_scope(params = {}) ⇒ Struct
Adds or updates the list of authorized targets for an IAM Identity Center access scope for an application.
-
#put_application_assignment_configuration(params = {}) ⇒ Struct
Configure how users gain access to an application.
-
#put_application_authentication_method(params = {}) ⇒ Struct
Adds or updates an authentication method for an application.
-
#put_application_grant(params = {}) ⇒ Struct
Adds a grant to an application.
-
#put_inline_policy_to_permission_set(params = {}) ⇒ Struct
Attaches an inline policy to a permission set.
-
#put_permissions_boundary_to_permission_set(params = {}) ⇒ Struct
Attaches an Amazon Web Services managed or customer managed policy to the specified PermissionSet as a permissions boundary.
-
#tag_resource(params = {}) ⇒ Struct
Associates a set of tags with a specified resource.
-
#untag_resource(params = {}) ⇒ Struct
Disassociates a set of tags from a specified resource.
-
#update_application(params = {}) ⇒ Struct
Updates application properties.
-
#update_instance(params = {}) ⇒ Struct
Update the details for the instance of IAM Identity Center that is owned by the Amazon Web Services account.
-
#update_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Updates the IAM Identity Center identity store attributes that you can use with the IAM Identity Center instance for attributes-based access control (ABAC).
-
#update_permission_set(params = {}) ⇒ Struct
Updates an existing permission set.
-
#update_trusted_token_issuer(params = {}) ⇒ Struct
Updates the name of the trusted token issuer, or the path of a source attribute or destination attribute for a trusted token issuer configuration.
Instance Method Summary collapse
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
Methods included from ClientStubs
#api_requests, #stub_data, #stub_responses
Methods inherited from Seahorse::Client::Base
add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
453 454 455 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 453 def initialize(*args) super end |
Instance Method Details
#attach_customer_managed_policy_reference_to_permission_set(params = {}) ⇒ Struct
Attaches the specified customer managed policy to the specified PermissionSet.
491 492 493 494 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 491 def (params = {}, = {}) req = build_request(:attach_customer_managed_policy_reference_to_permission_set, params) req.send_request() end |
#attach_managed_policy_to_permission_set(params = {}) ⇒ Struct
Attaches an Amazon Web Services managed policy ARN to a permission set.
ProvisionPermissionSet
after
this operation. Calling ProvisionPermissionSet
applies the
corresponding IAM policy updates to all assigned accounts.
535 536 537 538 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 535 def (params = {}, = {}) req = build_request(:attach_managed_policy_to_permission_set, params) req.send_request() end |
#create_account_assignment(params = {}) ⇒ Types::CreateAccountAssignmentResponse
Assigns access to a principal for a specified Amazon Web Services account using a specified permission set.
CreateAccountAssignment
call, the specified
permission set will automatically be provisioned to the account in the
form of an IAM policy. That policy is attached to the IAM role created
in IAM Identity Center. If the permission set is subsequently updated,
the corresponding IAM policies attached to roles in your accounts will
not be updated automatically. In this case, you must call
ProvisionPermissionSet
to make these updates.
DescribeAccountAssignmentCreationStatus
to describe the status of an
assignment creation request.
624 625 626 627 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 624 def create_account_assignment(params = {}, = {}) req = build_request(:create_account_assignment, params) req.send_request() end |
#create_application(params = {}) ⇒ Types::CreateApplicationResponse
Creates an application in IAM Identity Center for the given application provider.
717 718 719 720 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 717 def create_application(params = {}, = {}) req = build_request(:create_application, params) req.send_request() end |
#create_application_assignment(params = {}) ⇒ Struct
Grant application access to a user or group.
753 754 755 756 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 753 def create_application_assignment(params = {}, = {}) req = build_request(:create_application_assignment, params) req.send_request() end |
#create_instance(params = {}) ⇒ Types::CreateInstanceResponse
Creates an instance of IAM Identity Center for a standalone Amazon Web Services account that is not managed by Organizations or a member Amazon Web Services account in an organization. You can create only one instance per account and across all Amazon Web Services Regions.
The CreateInstance request is rejected if the following apply:
The instance is created within the organization management account.
An instance already exists in the same account.
822 823 824 825 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 822 def create_instance(params = {}, = {}) req = build_request(:create_instance, params) req.send_request() end |
#create_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Enables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance. You can also specify new attributes to add to your ABAC configuration during the enabling process. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.
DescribeInstanceAccessControlAttributeConfiguration
to validate that
InstanceAccessControlAttributeConfiguration
was created.
876 877 878 879 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 876 def create_instance_access_control_attribute_configuration(params = {}, = {}) req = build_request(:create_instance_access_control_attribute_configuration, params) req.send_request() end |
#create_permission_set(params = {}) ⇒ Types::CreatePermissionSetResponse
Creates a permission set within a specified IAM Identity Center instance.
CreateAccountAssignment
.
946 947 948 949 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 946 def (params = {}, = {}) req = build_request(:create_permission_set, params) req.send_request() end |
#create_trusted_token_issuer(params = {}) ⇒ Types::CreateTrustedTokenIssuerResponse
Creates a connection to a trusted token issuer in an instance of IAM Identity Center. A trusted token issuer enables trusted identity propagation to be used with applications that authenticate outside of Amazon Web Services.
This trusted token issuer describes an external identity provider (IdP) that can generate claims or assertions in the form of access tokens for a user. Applications enabled for IAM Identity Center can use these tokens for authentication.
1037 1038 1039 1040 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1037 def create_trusted_token_issuer(params = {}, = {}) req = build_request(:create_trusted_token_issuer, params) req.send_request() end |
#delete_account_assignment(params = {}) ⇒ Types::DeleteAccountAssignmentResponse
Deletes a principal's access from a specified Amazon Web Services account using a specified permission set.
DescribeAccountAssignmentDeletionStatus
to describe the status of an
assignment deletion request.
1110 1111 1112 1113 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1110 def delete_account_assignment(params = {}, = {}) req = build_request(:delete_account_assignment, params) req.send_request() end |
#delete_application(params = {}) ⇒ Struct
Deletes the association with the application. The connected service resource still exists.
1136 1137 1138 1139 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1136 def delete_application(params = {}, = {}) req = build_request(:delete_application, params) req.send_request() end |
#delete_application_access_scope(params = {}) ⇒ Struct
Deletes an IAM Identity Center access scope from an application.
1162 1163 1164 1165 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1162 def delete_application_access_scope(params = {}, = {}) req = build_request(:delete_application_access_scope, params) req.send_request() end |
#delete_application_assignment(params = {}) ⇒ Struct
Revoke application access to an application by deleting application assignments for a user or group.
1198 1199 1200 1201 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1198 def delete_application_assignment(params = {}, = {}) req = build_request(:delete_application_assignment, params) req.send_request() end |
#delete_application_authentication_method(params = {}) ⇒ Struct
Deletes an authentication method from an application.
1226 1227 1228 1229 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1226 def delete_application_authentication_method(params = {}, = {}) req = build_request(:delete_application_authentication_method, params) req.send_request() end |
#delete_application_grant(params = {}) ⇒ Struct
Deletes a grant from an application.
1252 1253 1254 1255 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1252 def delete_application_grant(params = {}, = {}) req = build_request(:delete_application_grant, params) req.send_request() end |
#delete_inline_policy_from_permission_set(params = {}) ⇒ Struct
Deletes the inline policy from a specified permission set.
1282 1283 1284 1285 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1282 def (params = {}, = {}) req = build_request(:delete_inline_policy_from_permission_set, params) req.send_request() end |
#delete_instance(params = {}) ⇒ Struct
Deletes the instance of IAM Identity Center. Only the account that owns the instance can call this API. Neither the delegated administrator nor member account can delete the organization instance, but those roles can delete their own instance.
1308 1309 1310 1311 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1308 def delete_instance(params = {}, = {}) req = build_request(:delete_instance, params) req.send_request() end |
#delete_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Disables the attributes-based access control (ABAC) feature for the specified IAM Identity Center instance and deletes all of the attribute mappings that have been configured. Once deleted, any attributes that are received from an identity source and any custom attributes you have previously configured will not be passed. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.
1338 1339 1340 1341 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1338 def delete_instance_access_control_attribute_configuration(params = {}, = {}) req = build_request(:delete_instance_access_control_attribute_configuration, params) req.send_request() end |
#delete_permission_set(params = {}) ⇒ Struct
Deletes the specified permission set.
1368 1369 1370 1371 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1368 def (params = {}, = {}) req = build_request(:delete_permission_set, params) req.send_request() end |
#delete_permissions_boundary_from_permission_set(params = {}) ⇒ Struct
Deletes the permissions boundary from a specified PermissionSet.
1395 1396 1397 1398 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1395 def (params = {}, = {}) req = build_request(:delete_permissions_boundary_from_permission_set, params) req.send_request() end |
#delete_trusted_token_issuer(params = {}) ⇒ Struct
Deletes a trusted token issuer configuration from an instance of IAM Identity Center.
1424 1425 1426 1427 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1424 def delete_trusted_token_issuer(params = {}, = {}) req = build_request(:delete_trusted_token_issuer, params) req.send_request() end |
#describe_account_assignment_creation_status(params = {}) ⇒ Types::DescribeAccountAssignmentCreationStatusResponse
Describes the status of the assignment creation request.
1468 1469 1470 1471 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1468 def describe_account_assignment_creation_status(params = {}, = {}) req = build_request(:describe_account_assignment_creation_status, params) req.send_request() end |
#describe_account_assignment_deletion_status(params = {}) ⇒ Types::DescribeAccountAssignmentDeletionStatusResponse
Describes the status of the assignment deletion request.
1512 1513 1514 1515 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1512 def describe_account_assignment_deletion_status(params = {}, = {}) req = build_request(:describe_account_assignment_deletion_status, params) req.send_request() end |
#describe_application(params = {}) ⇒ Types::DescribeApplicationResponse
Retrieves the details of an application associated with an instance of IAM Identity Center.
1562 1563 1564 1565 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1562 def describe_application(params = {}, = {}) req = build_request(:describe_application, params) req.send_request() end |
#describe_application_assignment(params = {}) ⇒ Types::DescribeApplicationAssignmentResponse
Retrieves a direct assignment of a user or group to an application. If the user doesn’t have a direct assignment to the application, the user may still have access to the application through a group. Therefore, don’t use this API to test access to an application for a user. Instead use ListApplicationAssignmentsForPrincipal.
1614 1615 1616 1617 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1614 def describe_application_assignment(params = {}, = {}) req = build_request(:describe_application_assignment, params) req.send_request() end |
#describe_application_provider(params = {}) ⇒ Types::DescribeApplicationProviderResponse
Retrieves details about a provider that can be used to connect an Amazon Web Services managed application or customer managed application to IAM Identity Center.
1655 1656 1657 1658 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1655 def describe_application_provider(params = {}, = {}) req = build_request(:describe_application_provider, params) req.send_request() end |
#describe_instance(params = {}) ⇒ Types::DescribeInstanceResponse
Returns the details of an instance of IAM Identity Center. The status can be one of the following:
CREATE_IN_PROGRESS
- The instance is in the process of being created. When the instance is ready for use, DescribeInstance returns the status ofACTIVE
. While the instance is in theCREATE_IN_PROGRESS
state, you can call only DescribeInstance and DeleteInstance operations.DELETE_IN_PROGRESS
- The instance is being deleted. ReturnsAccessDeniedException
after the delete operation completes.ACTIVE
- The instance is active.
1706 1707 1708 1709 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1706 def describe_instance(params = {}, = {}) req = build_request(:describe_instance, params) req.send_request() end |
#describe_instance_access_control_attribute_configuration(params = {}) ⇒ Types::DescribeInstanceAccessControlAttributeConfigurationResponse
Returns the list of IAM Identity Center identity store attributes that have been configured to work with attributes-based access control (ABAC) for the specified IAM Identity Center instance. This will not return attributes configured and sent by an external identity provider. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.
1748 1749 1750 1751 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1748 def describe_instance_access_control_attribute_configuration(params = {}, = {}) req = build_request(:describe_instance_access_control_attribute_configuration, params) req.send_request() end |
#describe_permission_set(params = {}) ⇒ Types::DescribePermissionSetResponse
Gets the details of the permission set.
1789 1790 1791 1792 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1789 def (params = {}, = {}) req = build_request(:describe_permission_set, params) req.send_request() end |
#describe_permission_set_provisioning_status(params = {}) ⇒ Types::DescribePermissionSetProvisioningStatusResponse
Describes the status for the given permission set provisioning request.
1832 1833 1834 1835 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1832 def (params = {}, = {}) req = build_request(:describe_permission_set_provisioning_status, params) req.send_request() end |
#describe_trusted_token_issuer(params = {}) ⇒ Types::DescribeTrustedTokenIssuerResponse
Retrieves details about a trusted token issuer configuration stored in an instance of IAM Identity Center. Details include the name of the trusted token issuer, the issuer URL, and the path of the source attribute and the destination attribute for a trusted token issuer configuration.
1874 1875 1876 1877 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1874 def describe_trusted_token_issuer(params = {}, = {}) req = build_request(:describe_trusted_token_issuer, params) req.send_request() end |
#detach_customer_managed_policy_reference_from_permission_set(params = {}) ⇒ Struct
Detaches the specified customer managed policy from the specified PermissionSet.
1911 1912 1913 1914 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1911 def (params = {}, = {}) req = build_request(:detach_customer_managed_policy_reference_from_permission_set, params) req.send_request() end |
#detach_managed_policy_from_permission_set(params = {}) ⇒ Struct
Detaches the attached Amazon Web Services managed policy ARN from the specified permission set.
1947 1948 1949 1950 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1947 def (params = {}, = {}) req = build_request(:detach_managed_policy_from_permission_set, params) req.send_request() end |
#get_application_access_scope(params = {}) ⇒ Types::GetApplicationAccessScopeResponse
Retrieves the authorized targets for an IAM Identity Center access scope for an application.
1985 1986 1987 1988 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 1985 def get_application_access_scope(params = {}, = {}) req = build_request(:get_application_access_scope, params) req.send_request() end |
#get_application_assignment_configuration(params = {}) ⇒ Types::GetApplicationAssignmentConfigurationResponse
Retrieves the configuration of PutApplicationAssignmentConfiguration.
2016 2017 2018 2019 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2016 def get_application_assignment_configuration(params = {}, = {}) req = build_request(:get_application_assignment_configuration, params) req.send_request() end |
#get_application_authentication_method(params = {}) ⇒ Types::GetApplicationAuthenticationMethodResponse
Retrieves details about an authentication method used by an application.
2050 2051 2052 2053 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2050 def get_application_authentication_method(params = {}, = {}) req = build_request(:get_application_authentication_method, params) req.send_request() end |
#get_application_grant(params = {}) ⇒ Types::GetApplicationGrantResponse
Retrieves details about an application grant.
2087 2088 2089 2090 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2087 def get_application_grant(params = {}, = {}) req = build_request(:get_application_grant, params) req.send_request() end |
#get_inline_policy_for_permission_set(params = {}) ⇒ Types::GetInlinePolicyForPermissionSetResponse
Obtains the inline policy assigned to the permission set.
2123 2124 2125 2126 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2123 def (params = {}, = {}) req = build_request(:get_inline_policy_for_permission_set, params) req.send_request() end |
#get_permissions_boundary_for_permission_set(params = {}) ⇒ Types::GetPermissionsBoundaryForPermissionSetResponse
Obtains the permissions boundary for a specified PermissionSet.
2158 2159 2160 2161 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2158 def (params = {}, = {}) req = build_request(:get_permissions_boundary_for_permission_set, params) req.send_request() end |
#list_account_assignment_creation_status(params = {}) ⇒ Types::ListAccountAssignmentCreationStatusResponse
Lists the status of the Amazon Web Services account assignment creation requests for a specified IAM Identity Center instance.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2213 2214 2215 2216 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2213 def list_account_assignment_creation_status(params = {}, = {}) req = build_request(:list_account_assignment_creation_status, params) req.send_request() end |
#list_account_assignment_deletion_status(params = {}) ⇒ Types::ListAccountAssignmentDeletionStatusResponse
Lists the status of the Amazon Web Services account assignment deletion requests for a specified IAM Identity Center instance.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2268 2269 2270 2271 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2268 def list_account_assignment_deletion_status(params = {}, = {}) req = build_request(:list_account_assignment_deletion_status, params) req.send_request() end |
#list_account_assignments(params = {}) ⇒ Types::ListAccountAssignmentsResponse
Lists the assignee of the specified Amazon Web Services account with the specified permission set.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2327 2328 2329 2330 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2327 def list_account_assignments(params = {}, = {}) req = build_request(:list_account_assignments, params) req.send_request() end |
#list_account_assignments_for_principal(params = {}) ⇒ Types::ListAccountAssignmentsForPrincipalResponse
Retrieves a list of the IAM Identity Center associated Amazon Web Services accounts that the principal has access to.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2400 2401 2402 2403 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2400 def list_account_assignments_for_principal(params = {}, = {}) req = build_request(:list_account_assignments_for_principal, params) req.send_request() end |
#list_accounts_for_provisioned_permission_set(params = {}) ⇒ Types::ListAccountsForProvisionedPermissionSetResponse
Lists all the Amazon Web Services accounts where the specified permission set is provisioned.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2457 2458 2459 2460 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2457 def (params = {}, = {}) req = build_request(:list_accounts_for_provisioned_permission_set, params) req.send_request() end |
#list_application_access_scopes(params = {}) ⇒ Types::ListApplicationAccessScopesResponse
Lists the access scopes and authorized targets associated with an application.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2512 2513 2514 2515 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2512 def list_application_access_scopes(params = {}, = {}) req = build_request(:list_application_access_scopes, params) req.send_request() end |
#list_application_assignments(params = {}) ⇒ Types::ListApplicationAssignmentsResponse
Lists Amazon Web Services account users that are assigned to an application.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2567 2568 2569 2570 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2567 def list_application_assignments(params = {}, = {}) req = build_request(:list_application_assignments, params) req.send_request() end |
#list_application_assignments_for_principal(params = {}) ⇒ Types::ListApplicationAssignmentsForPrincipalResponse
Lists the applications to which a specified principal is assigned.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2639 2640 2641 2642 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2639 def list_application_assignments_for_principal(params = {}, = {}) req = build_request(:list_application_assignments_for_principal, params) req.send_request() end |
#list_application_authentication_methods(params = {}) ⇒ Types::ListApplicationAuthenticationMethodsResponse
Lists all of the authentication methods supported by the specified application.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2682 2683 2684 2685 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2682 def list_application_authentication_methods(params = {}, = {}) req = build_request(:list_application_authentication_methods, params) req.send_request() end |
#list_application_grants(params = {}) ⇒ Types::ListApplicationGrantsResponse
List the grants associated with an application.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2729 2730 2731 2732 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2729 def list_application_grants(params = {}, = {}) req = build_request(:list_application_grants, params) req.send_request() end |
#list_application_providers(params = {}) ⇒ Types::ListApplicationProvidersResponse
Lists the application providers configured in the IAM Identity Center identity store.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2785 2786 2787 2788 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2785 def list_application_providers(params = {}, = {}) req = build_request(:list_application_providers, params) req.send_request() end |
#list_applications(params = {}) ⇒ Types::ListApplicationsResponse
Lists all applications associated with the instance of IAM Identity
Center. When listing applications for an instance in the management
account, member accounts must use the applicationAccount
parameter
to filter the list to only applications created from that account.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2861 2862 2863 2864 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2861 def list_applications(params = {}, = {}) req = build_request(:list_applications, params) req.send_request() end |
#list_customer_managed_policy_references_in_permission_set(params = {}) ⇒ Types::ListCustomerManagedPolicyReferencesInPermissionSetResponse
Lists all customer managed policies attached to a specified PermissionSet.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2910 2911 2912 2913 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2910 def (params = {}, = {}) req = build_request(:list_customer_managed_policy_references_in_permission_set, params) req.send_request() end |
#list_instances(params = {}) ⇒ Types::ListInstancesResponse
Lists the details of the organization and account instances of IAM Identity Center that were created in or visible to the account calling this API.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
2955 2956 2957 2958 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 2955 def list_instances(params = {}, = {}) req = build_request(:list_instances, params) req.send_request() end |
#list_managed_policies_in_permission_set(params = {}) ⇒ Types::ListManagedPoliciesInPermissionSetResponse
Lists the Amazon Web Services managed policy that is attached to a specified permission set.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
3007 3008 3009 3010 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3007 def (params = {}, = {}) req = build_request(:list_managed_policies_in_permission_set, params) req.send_request() end |
#list_permission_set_provisioning_status(params = {}) ⇒ Types::ListPermissionSetProvisioningStatusResponse
Lists the status of the permission set provisioning requests for a specified IAM Identity Center instance.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
3062 3063 3064 3065 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3062 def (params = {}, = {}) req = build_request(:list_permission_set_provisioning_status, params) req.send_request() end |
#list_permission_sets(params = {}) ⇒ Types::ListPermissionSetsResponse
Lists the PermissionSets in an IAM Identity Center instance.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
3108 3109 3110 3111 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3108 def (params = {}, = {}) req = build_request(:list_permission_sets, params) req.send_request() end |
#list_permission_sets_provisioned_to_account(params = {}) ⇒ Types::ListPermissionSetsProvisionedToAccountResponse
Lists all the permission sets that are provisioned to a specified Amazon Web Services account.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
3164 3165 3166 3167 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3164 def (params = {}, = {}) req = build_request(:list_permission_sets_provisioned_to_account, params) req.send_request() end |
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Lists the tags that are attached to a specified resource.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
3211 3212 3213 3214 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3211 def (params = {}, = {}) req = build_request(:list_tags_for_resource, params) req.send_request() end |
#list_trusted_token_issuers(params = {}) ⇒ Types::ListTrustedTokenIssuersResponse
Lists all the trusted token issuers configured in an instance of IAM Identity Center.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
3267 3268 3269 3270 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3267 def list_trusted_token_issuers(params = {}, = {}) req = build_request(:list_trusted_token_issuers, params) req.send_request() end |
#provision_permission_set(params = {}) ⇒ Types::ProvisionPermissionSetResponse
The process by which a specified permission set is provisioned to the specified target.
3318 3319 3320 3321 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3318 def (params = {}, = {}) req = build_request(:provision_permission_set, params) req.send_request() end |
#put_application_access_scope(params = {}) ⇒ Struct
Adds or updates the list of authorized targets for an IAM Identity Center access scope for an application.
3352 3353 3354 3355 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3352 def put_application_access_scope(params = {}, = {}) req = build_request(:put_application_access_scope, params) req.send_request() end |
#put_application_assignment_configuration(params = {}) ⇒ Struct
Configure how users gain access to an application. If
AssignmentsRequired
is true
(default value), users don’t have
access to the application unless an assignment is created using the
CreateApplicationAssignment API. If false
, all users have
access to the application. If an assignment is created using
CreateApplicationAssignment., the user retains access if
AssignmentsRequired
is set to true
.
3398 3399 3400 3401 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3398 def put_application_assignment_configuration(params = {}, = {}) req = build_request(:put_application_assignment_configuration, params) req.send_request() end |
#put_application_authentication_method(params = {}) ⇒ Struct
Adds or updates an authentication method for an application.
3437 3438 3439 3440 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3437 def put_application_authentication_method(params = {}, = {}) req = build_request(:put_application_authentication_method, params) req.send_request() end |
#put_application_grant(params = {}) ⇒ Struct
Adds a grant to an application.
3483 3484 3485 3486 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3483 def put_application_grant(params = {}, = {}) req = build_request(:put_application_grant, params) req.send_request() end |
#put_inline_policy_to_permission_set(params = {}) ⇒ Struct
Attaches an inline policy to a permission set.
ProvisionPermissionSet
after
this action to apply the corresponding IAM policy updates to all
assigned accounts.
3524 3525 3526 3527 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3524 def (params = {}, = {}) req = build_request(:put_inline_policy_to_permission_set, params) req.send_request() end |
#put_permissions_boundary_to_permission_set(params = {}) ⇒ Struct
Attaches an Amazon Web Services managed or customer managed policy to the specified PermissionSet as a permissions boundary.
3562 3563 3564 3565 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3562 def (params = {}, = {}) req = build_request(:put_permissions_boundary_to_permission_set, params) req.send_request() end |
#tag_resource(params = {}) ⇒ Struct
Associates a set of tags with a specified resource.
3601 3602 3603 3604 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3601 def tag_resource(params = {}, = {}) req = build_request(:tag_resource, params) req.send_request() end |
#untag_resource(params = {}) ⇒ Struct
Disassociates a set of tags from a specified resource.
3635 3636 3637 3638 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3635 def untag_resource(params = {}, = {}) req = build_request(:untag_resource, params) req.send_request() end |
#update_application(params = {}) ⇒ Struct
Updates application properties.
3682 3683 3684 3685 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3682 def update_application(params = {}, = {}) req = build_request(:update_application, params) req.send_request() end |
#update_instance(params = {}) ⇒ Struct
Update the details for the instance of IAM Identity Center that is owned by the Amazon Web Services account.
3713 3714 3715 3716 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3713 def update_instance(params = {}, = {}) req = build_request(:update_instance, params) req.send_request() end |
#update_instance_access_control_attribute_configuration(params = {}) ⇒ Struct
Updates the IAM Identity Center identity store attributes that you can use with the IAM Identity Center instance for attributes-based access control (ABAC). When using an external identity provider as an identity source, you can pass attributes through the SAML assertion as an alternative to configuring attributes from the IAM Identity Center identity store. If a SAML assertion passes any of these attributes, IAM Identity Center replaces the attribute value with the value from the IAM Identity Center identity store. For more information about ABAC, see Attribute-Based Access Control in the IAM Identity Center User Guide.
3759 3760 3761 3762 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3759 def update_instance_access_control_attribute_configuration(params = {}, = {}) req = build_request(:update_instance_access_control_attribute_configuration, params) req.send_request() end |
#update_permission_set(params = {}) ⇒ Struct
Updates an existing permission set.
3803 3804 3805 3806 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3803 def (params = {}, = {}) req = build_request(:update_permission_set, params) req.send_request() end |
#update_trusted_token_issuer(params = {}) ⇒ Struct
Updates the name of the trusted token issuer, or the path of a source attribute or destination attribute for a trusted token issuer configuration.
3851 3852 3853 3854 |
# File 'gems/aws-sdk-ssoadmin/lib/aws-sdk-ssoadmin/client.rb', line 3851 def update_trusted_token_issuer(params = {}, = {}) req = build_request(:update_trusted_token_issuer, params) req.send_request() end |